Skip to content

Instantly share code, notes, and snippets.

@amfeng
Last active February 1, 2020 17:04
Show Gist options
  • Save amfeng/3517668 to your computer and use it in GitHub Desktop.
Save amfeng/3517668 to your computer and use it in GitHub Desktop.
Stripe OAuth Example -- Python
<!doctype html>
<head>
<title>Stripe OAuth Example</title>
</head>
<body>
{{ token }}
</body>
</html>
<!doctype html>
<head>
<title>Stripe OAuth Example</title>
</head>
<body>
<a href="/authorize">Connect with Stripe</a>
</body>
</html>
API_KEY = 'YOUR_SECRET_API_KEY'
CLIENT_ID = 'YOUR_CLIENT_ID'
from flask import Flask, render_template, request, redirect
import requests
import urllib
app = Flask(__name__)
app.config.from_pyfile('keys.cfg')
app.config['SITE'] = 'https://connect.stripe.com'
app.config['AUTHORIZE_URI'] = '/oauth/authorize'
app.config['TOKEN_URI'] = '/oauth/token'
@app.route('/')
def index():
return render_template('index.html')
@app.route('/authorize')
def authorize():
site = app.config['SITE'] + app.config['AUTHORIZE_URI']
params = {
'response_type': 'code',
'scope': 'read_write',
'client_id': app.config['CLIENT_ID']
}
# Redirect to Stripe /oauth/authorize endpoint
url = site + '?' + urllib.urlencode(params)
return redirect(url)
@app.route('/oauth/callback')
def callback():
code = request.args.get('code')
data = {
'client_secret': app.config['API_KEY'],
'grant_type': 'authorization_code',
'client_id': app.config['CLIENT_ID'],
'code': code
}
# Make /oauth/token endpoint POST request
url = app.config['SITE'] + app.config['TOKEN_URI']
resp = requests.post(url, params=data)
# Grab access_token (use this as your user's API key)
token = resp.json.get('access_token')
return render_template('callback.html', token=token)
if __name__ == '__main__':
app.run()
@jayweiler
Copy link

Thanks so much for this! I've been trying to get oauth working with flask all weekend this was the by far the clearest example I've found.

@lucasvickers
Copy link

I'm a little confused. Is this a standard OAuth workflow? I don't see any signing or encryption ever taking place. Sorry if I'm misunderstanding it, thanks.

edit
Never mind, looks like OAuth 2 offloads all encryption, hence why people believe it to be insecure. Got it now, thanks!

@kaiserama
Copy link

Just a note, in the callback route I had to call json as a function prior to get:

token = resp.json().get('access_token')

@scottsappen
Copy link

Hey, if anyone needs a deauth example, here you go (setting the auth header)...
headers = {'Authorization': "bearer " + _STRIPE_SECRET_KEY}
resp = requests.post(url, params=data, headers=headers)

@vincentalvo
Copy link

In server.py, line 43, resp.json.get('access_token') is a function and should be resp.json().get('access_token')

Just got an error, easily fixable though ;-)

@aaronmader
Copy link

token = resp.json.get('access_token')
should be
token = resp.json().get('access_token')

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment